If you think you can rely solely on your bank’s internet security to protect you, think again. Researchers at IBM Security have uncovered new malware that targets consumers in order to steal money from their accounts.
“We already know of $4 million that was stolen by this malware,” said Etay Maor, an executive advisor with IBM Security. The worst part: It’s still out there.
Maor led the Israel-based team that discovered the malware, which has already been used against undisclosed banks in the U.S., Canada and Europe.
The virus, known as GozNym, is a combination of two pieces of malware — one that infects the computer and the other that waits silently like a serpent until the user visits the website of a financial institution.
“The criminal is sitting on the other end obtaining that info in real time,” Maor said.
What’s really different about this malware, according to Maor, is that it’s hard for researchers to even analyze because hackers doubled the encryption.
“When we first saw it, we were saying something bad is happening here but we’ve never seen this before … there are so many layers, we had to break in just to understand what it was,” said Maor.
It’s also much harder for anti-virus software and other solutions to detect it — leaving the end user completely in the dark.
Consumers’ computers typically get infected with GozNym when the user clicks a link in an email. (Right now, the virus appears to be limited to PCs.) The email might be a message about a security solution or update. If you click the link, you might think nothing happened, but from that point on you are exposed.
Maor and his team believe the hackers behind the new virus are located somewhere in Eastern Europe.
“Don’t get this wrong, we are up against professional programmers … not kids,” he said.
While GozNym represents a new level of sophistication, viruses targeting financial institutions are not new.
Just last year, 20 million financial records were stolen by malware, Maor said. While exact losses are hard to tally, by some estimates they could run into the billions of dollars.
How to protect yourself
To guard yourself from GozNym and other viruses, do not click on links in any suspicious emails.
Also, keep your operating system and anti-virus software up to date. Software providers are in the process of releasing updates that hopefully will disable GozNym.
Another best practice is to avoid reusing passwords as this can let hackers into multiple accounts.
You should also have two ways to check your account balances, such as using paper statements, ATM receipts or a mobile app in addition to online banking.
The criminals behind GozNym are so sophisticated they can change online banking websites to show full balances even after funds have been transferred out.
Catching the criminals
Meanwhile, banks are working to protect consumer accounts.
“The financial services industry takes this very seriously,” said Bill Nelson, president and CEO of the Financial Services Information Sharing and Analysis Center, a 7,000-member group set up by the industry to share threat information.
And while banks have tools in place to battle against GozNym, “cybersecurity is a shared responsibility between customers and the banks,” according to Doug Johnson, senior vice president for payments and cybersecurity at the American Bankers Association.
Law enforcement would like to bring the criminals to justice.
“The FBI — along with our federal, international and private sector partners — will continue to combat cybercrimes, including those involving malware,” a spokeswoman explained in an email.